Symantec
ThreatCON (2) => (2)
Microsoft has released the scheduled security bulletins for November. Three bulletins have a maximum severity rating of 'Critical'; three are rated 'Important'.

2009-11-10 17:50

US-CERT
Microsoft Releases November Security Bulletin
US-CERT Current Activity
Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for November 2009. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with escalated privileges.

Zero Day Initiative (ZDI)
ZDI-09-083: Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability
Excel Cache Memory Corruption Vulnerability (CVE-2009-3129, MS09-067)
Vulnerability Reported
The specific flaw exists in the handling of Shared Feature Header (0x867) tags in an Excel BIFF file. When processing the cbHdrData size element of the FEATHEADER, it is possible to directly control the distance of a calculated pointer. This condition can be leveraged successfully to execute arbitrary code under the context of the currently logged-in user.

2009-08-20

Zero Day Initiative (ZDI)
ZDI-09-082: Microsoft Office Excel PivotTable Cache Record Parsing Memory Corruption Vulnerability
Excel Cache Memory Corruption Vulnerability (CVE-2009-3127, MS09-067)
Vulnerability Reported
The specific flaw exists when parsing a document containing a malformed PivotCache Stream. The application will utilize the iCache value of an SXVI record to seek into a list of objects. While setting an attribute of that particular object, the application will corrupt memory, which can lead to code execution under the context of the currently logged-in user.

2009-06-15

TippingPoint
TPTI-09-06: Microsoft Windows License Logging Service Heap Corruption Vulnerability
License Logging Server Heap Overflow Vulnerability (CVE-2009-2523, MS09-064)
Vulnerability Reported
The specific flaw exists in the handling of RPC calls to the License Logging Service (llssrv.exe). When processing arguments to the LlsrLicenseRequestW method, a character array is expected to contain a terminating null byte. By supplying data that does not end in a null, it is possible to overlap a call to lstrcatW, resulting in a heap overflow. Successful exploitation of this vulnerability can lead to remote system compromise under the credentials of the SYSTEM account.

2009-04-30

iDefense
Microsoft Excel FEATHEADER Record Memory Corruption Vulnerability
Excel Featheader Record Memory Corruption Vulnerability (CVE-2009-3129, MS09-067)
Vulnerability Reported
The vulnerability occurs when parsing a FEATHEADER record within an Excel file. This record is used to store information common to multiple other records, and was introduced with Excel 2002 (XP). When certain fields of this record are set to a trigger value, it is possible to corrupt memory in such a way that the next 4 bytes in the record are treated as an object pointer. This pointer is then used to make a virtual function call, which results in the execution of arbitrary code.